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WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 
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earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

I )K Responsive to communication(s) filed on 17 January 2006 . 
2a)D This action is FINAL. 2b)[3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 1 1 , 453 O.G. 213. 
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4) E3 Claim(s) 1-30 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed. 

6) IEl Claim(s) 1-30 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 
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Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .1 21 (d). 
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DETAILED ACTION 

1 . Claims 1 -30 are pending. 

2. The RCE of 2/14/06 has been received and entered. 

Examiner's Comment 

3. The lengthy specification has not been checked to the extent necessary to determine the 
presence of all possible minor errors. Applicant's cooperation is requested in correcting any 
errors of which applicant may become aware in the specification. 

Claim Rejections - 35 USC § J 02 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

5. Claims 1, 8, 9, 10, 12, 14, 15, 17, 24-26, 28, 30 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Aucsmith et al., US patent 5878144. 

In reference to claim 1 : 
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Aucsmith et aL discloses a person authentication system executing person authentication by 
comparing a template which is previously acquired person identification data with sampling 
information input by a user, said system comprising: 

• A person identification authority which create a person identification certificate for 
storing the template (Column 10, lines 1-60) & (Column 1 1, lines 1-64) and which issues 
the person identification certificate to an entity which executes person authentication, 
(Column 12, lines 17- Column 13, line 30) & (Column 1, lines 65 - Column 2, lines 26) 
& (Column 7, line 55-Column 8, line 5) 

• Wherein 

• Said person identification authority acquires the template and data for person 
identification from the user to be certified with the person identification certificate, and 
encrypts the template using a public key and creates and registers, on the basis of the 
identification of the user, the person identification certificate for storing the encrypted 
template which is the person identification data, (Column 5, lines 8-37) 

• The entity which decrypts the encrypted template stored in the person identification 
certificate and executes person authentication compares the decrypted template with the 
sampling information of the user so as to execute person authentication, and (Column 12, 
lines 17-34) 

• The public key used to encrypt or decrypt the template stored in the person identification 
certificate being a different public key depending upon the entity which executes 
authentication of a person. (Column 12, lines 17-34) 
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In reference to claim 8: 

Aucsmith et al. discloses the system according to claim 1, wherein said person identification 
authority issues, in response to a request from the entity which executes person authentication, 
the registered person identification certificate to the entity, and in the issuing of the person 
identification certificate to the entity, the template to be stored in the person identification 
certificate is issued as an encrypted data which may be decrypted in the entity, where the 
template is stored within the certificate (Column 10, lines 40-56) and where the certificate is 
encrypted as a digital signature (Column 5, lines 8-38) & (Column 1, lines 30-40) & (Column 2, 
lines 1-25), and where the encrypted data may be decrypted. (Column 12, lines 15-33) 

In reference to claim 9: 

Aucsmith et al. discloses the system according to claim 1, wherein said person identification 
authority issues, in response to a request from the entity which executes person authentication, 
the registered person identification certificate to the entity, and in the issuing of the person 
identification certificate to the entity, the template to be stored in the person identification 
certificate is issued as data encrypted with a public key of the entity, where the template is stored 
within the certificate (Column 10, lines 40-56) and where the certificate is encrypted as a digital 
signature (Column 5, lines 8-38) & (Column 1, lines 30-40) & (Column 2, lines 1-25), and where 
the encrypted data is encrypted with a public key, (Column 5, lines 8-38) 

In reference to claim 10: 
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Aucsmith et al. discloses the system according to claim 1, wherein said person identification 
authority updates, in response to a request from the entity which executes person authentication, 
the person identification certificate previously issued to the entity, and in the updating of the 
person identification certificate to the entity, a new person identification of which validity is 
reset is used to the entity, where when the data of the person identification certificate is updated, 
for example, if the stored person's fingerprint, hand print, or voice print changes over time, the 
validity may be reset to an "invalid" state. (Column 7, lines 55 - Column 8, lines 14) 

In reference to claim 12: 

Aucsmith et al. discloses the system according to claim 1, wherein said person identification 
authority performs comparison for verification based on the person identification certificate in 
response to a request from the entity which executes person authentication, and in the 
comparison for verification of the person identification certificate of the entity, the sampling 
information received from the entity is compared with the template in the person identification 
certificate stored in said person identification authority, and a comparison result is provided as a 
response to the entity. (Column 4, lines 10-20) & (Column 5,lines 8-38) & (Figure 12) 

In reference to claim 14: 

Aucsmith et al. (Column 2, lines 10-25) & (Column 5, lines 8-38) & (Column 7, lines 55 - 
Column 8, line 14) & (Column 10, line 1 - Column 12, line 15) discloses the system according 
to claim 1, wherein the template to be stored in the person identification certificate created by 
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said person identification authority comprises biometric information of a person selected from 
the group consisting of fingerprint information, retina pattern information, iris pattern 
information, voice print information, and hand writing information; non-biometric information 
selected from the group consisting of a seal impression, a passport, a driver's license, and a 
credit card; any combination of two or more of the biometric information and the non-biometric 
information; or a combination of any of the biometric or non-biometric information and a 
password. 

In reference to claim 15: 

Aucsmith et al. (Column 4,lines 13- 57) & (Column 5, lines 8-38) discloses the system according 
to claim 1, wherein the person identification certificate issued by said person identification 
authority includes the digital signature written by said person identification authority. 

In reference to claim 17: 

Aucsmith et al. discloses a person authentication method for executing person authentication by 
comparing a template which is previously acquired person identification data with sampling 
information input by a user, said method comprising the steps of: 

• Creating a person identification certificate for storing the template and issuing the person 
identification certificate to an entity which executes person authentication in a person 
identification authority. (Column 7, line 55-Column 8, line 5) 

• Acquiring the template and data for person identification from the user to be certified 
with the person identification certificate(Column 4, lines 10-20) & (Column 10, line 1- 
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Column 12, line 15), and encrypting the template using a public key and creating and 
registering, on the basis of the identification of the user(Column 3, lines 25-36), the 
person identification certificate for storing the encrypted template which is the person 
identification data, (Column 5, lines 8-38) 
• Decrypting the encrypted template and comparing the decrypted template with the 
sampling information of the user so as to execute person authentication in the entity 
which executes person authentication, the public key used to encrypt or decrypt the 
template stored in the person identification certificate being a different public key 
depending upon the entity which executes authentication of a person. (Column 12, lines 
18-33) 



Claim 24 is substantially similar to claim 8 and is rejected for the same reasons. 
Claim 25 is substantially similar to claim 9 and is rejected for the same reasons. 
Claim 26 is substantially similar to claim 10 and is rejected for the same reasons. 
Claim 28 is substantially similar to claim 12 and is rejected for the same reasons. 



In reference to claim 30: 

Aucsmith et al. discloses a program providing medium for providing a computer program which 
executes person authentication in a computer system by comparing a template which is 
previously acquired person identification data with sampling information input by a user, said 
computer program comprising the steps of: 
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• Acquiring the template and data for person identification from the user to be certified 
with a person identification certificate (Column 4, lines 10-20), & (Column 7, line 55 - 
Column 8, line 13) & (Column 10, line 1- Column 12, line 15) 

• Encrypting the template using a public key, (Column 5, lines 8-38) 

• Creating and registering, on the basis of the identification of the user, the person 
identification certificate for storing the encrypted template which is the person 
identification data, (Column 1, lines 65 - Column 2, lines 26) & (Column 5, lines 8-38) 
& (Column 10, line 1- Column 12, line 15) 

• Decrypting the encrypted template and comparing the decrypted template with the 
sampling information of the user so as to execute person authentication in the entity 
which executes person authentication, the public key used to encrypt or decrypt the 
template stored in the person identification certificate being a different public key 
depending upon the entity which executes authentication of a person. (Column 12, lines 
18-33) 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 2-7, 11,13, 16, 18-23, 27, 29 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Aucsmith et al, US patent 5878144. 
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In reference to claim 2: 

Aucsmith et al. fails to disclose the system according to claim 1, wherein said person 
identification authority acquires a template deleting request and the data for person identification 
from the user to be certified with the person identification certificate, deletes the template from 
the person identification certificate, and registers the person identification certificate in a 
revocation list on the basis of the identification of the user. 

The Examiner takes official notice that deleting a certificate and the information therein and 
placing such certificate in a CRL was well known at the time of invention. 

For Example, "Public Key Certificate Revocation Schemes" by Andre Arnes discloses a method 
of deleting the extensions to a certificate, such as a template. 

Arnes, page 9, paragraph 3 discloses a method of revoking a certificate, where the full 
information for each certificate is excluded, but only the revocation information. 

Arnes teaches that by deleting information that isn't necessary for its listing as a revoked 
certificate in a CRL, the network load can be reduced and the burden of transmitting large 
portions of the certificate that are not necessary to indicate its revoked status can be optimized. 
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It would have been obvious to one of ordinary skill in the art at the time of invention to delete the 
template from the certificate and register the certificate in a CRL in order to reduce the network 
load of computers maintain the deleted certificates. 

In reference to claim 3: 

Claim 3 is substantially similar to claim 2, the only difference being that claim 3 recites the 
generation of a new certificate with a new template information and data. Claim 3 is rejected for 
the same reasons as claim 2 with Aucsmith et al. (Column 5, lines 8 - 38) & (Column 4, lines 
45-55) reciting the additional generation of a certificate with template information. 

In reference to claim 4: 

Aucsmith et al. fails to disclose the system according to claim 1, wherein said person 
identification authority acquires an additional template and the data for person identification, 
together with a template addition request from the user to be certified with the person 
identification certificate, and creates and registers a person identification certificate for storing 
the additional template as well as the template of user on the basis of the identification of the 
user. 

Aucsmith et al. however does disclose a certificate that is specifically designed for data 
extensions, or information that may be added onto the certificate to provide information about 
the user. (Figures 3-9) While Aucsmith et al. does not explicitly disclose a request to add an 
additional template to the certificate, the invention of Aucsmith et al. may store a number of data 
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items to additionally identify a user. Moreover, the information to form this template is referred 
to as "extension data" with its particular "extension identifier". 

This information is used by Aucsmith et al. to validate the user. (Column 4, lines 10-20) 
Aucmisth et al. further teaches that "sufficient information must be present to specifically 
identify the owner of the certificate" (Column 5 lines 8-38) 

It would have been obvious to one of ordinary skill in the art to store an additional template of 
user information into the certificate of Aucsmith in order to better validate the owner of the 
certificate. 

In reference to claim 5: 

Aucsmith et al. fails to disclose the system according to claim 1, wherein said person 
identification authority acquires the data for person identification together with a template 
suspension request from the user to be certified with the person identification certificate, 
invalidates the template stored in the person identification certificate, and registers the person 
identification certificate in the revocation list, on the basis of the identification of the user. 

The Examiner takes official notice that a template suspension request was well known to those of 
ordinary skill in the art at the time of invention. 
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US patent 6044462 (Column 3, lines 1-20) & (Column 3, line 60 - Column 4, line 10) & 
(Figures 7, 8) discloses suspending a particular certificate and subsequently registering the 
certificate in a CRL. 

Aucsmith et al. (Column 7, line 55 - Column 8, line 10) additionally teaches that changing 
biometric information over time may invalidate the certificate. 

It would have been obvious to one of ordinary skill in the art at the time of invention to suspend 
a certificate that was suspected of being invalidated in order to maintain an accurate record of 
which information is certified and which information was not. 

In reference to claim 6: 

Claim 6 is substantially similar to claim 5 except for the difference that the certificate suspension 
request may be rescinded. US patent 6044462 (Column 3, lines 1-20) & (Column 3, line 60 - 
Column 4, line 10) & (Column 8, lines 1-13) (Figures 7, 8) further discloses the additional 
limitation of claim 6 where a suspended certificate may have its suspension canceled once the 
suspension period is up. 

Claim 7 recites the steps of deletion, changing, addition, suspension, or the canceling of the 
suspension of claims 2-6 and is rejected for the same reasons as claims 2-6. 

Claims 1 1 and 13, 27, 29 are rejected for the same reasons as claim 2. 

Claim 18 is substantially similar to claim 2 and is rejected for the same reasons. 



Application/Control Number: 09/943,683 Page 13 

Art Unit: 2134 

Claim 19 is substantially similar to claim 3 and is rejected for the same reasons. 
Claim 20 is substantially similar to claim 4 and is rejected for the same reasons. 
Claim 21 is substantially similar to claim 5 and is rejected for the same reasons. 
Claim 22 is substantially similar to claim 6 and is rejected for the same reasons. 
Claim 23 is substantially similar to claim 7 and is rejected for the same reasons. 



Conclusion 

8. The following art not relied upon is made of record: 

• RFC 2459 "Internet x.509 Public Key Infrastructure Certificate and CRL Profile" 
discloses the X.509 digital certificate standard. 

• US patent 6035398 discloses a cryptographic key generation method using biometric data 

• US patent 61 08788 discloses a certificate management system where the certificates 
contain user information templates. 

• US patent 6310966 discloses a biometric certificate processing method. 



9. Any inquiry concerning this communication from the examiner should be directed to 
Thomas M Ho whose telephone number is (571)272-3835. The examiner can normally be 
reached on M-F from 9:30 AM - 6:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examinees supervisor, 
Jacques Louis- Jacques can be reached on (571)272-6962. 

The Examiner may also be reached through email through Thomas.Ho6@uspto.gov 
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Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (571)272-2100. 

General Information/Receptionist Telephone: 571-272-2100 fax: 571-273-8300 
Customer Service Representative Telephone: 571-272-2100 Fax: 571-273-8300 



TMH 




April 16 m , 2006 



